/15 Jan 2021

How Leading Companies Balance Security And Productivity

The massive and rapid move to remote workforces that was triggered by the global pandemic placed unique challenges on CISOs and their security teams. They need to balance the need for maintaining effective remote worker productivity without compromising on enterprise-grade security. The challenge is made even more difficult by the changing threat landscape and increasing complexity of systems.

CSO Magazine has launched a podcast called “Strengthen and streamline your security” to explore this topic in more detail. Featuring insights and tips from Microsoft executives and leading industry security experts including 10Pearls CSO Peter Hesse, this podcast is exploring modern security strategies focused on helping leading companies balance security and productivity.

The first episode of the podcast  focused on “Zero Trust” – a concept first developed by Forrester in 2009 which many security experts see as the best hope for stopping security breaches. Zero trust is a strategy that can be simply stated as “never trust, always verify.”

 

Balancing Security and Productivity

Traditional thinking of focusing only on strong perimeter defenses is out of date. Modern application architectures include internet-based software as a service (SaaS) solutions. Having all remote workforces forced to connect to a corporate VPN to get work done is impractical. If we make it difficult for users to be productive through our security solutions, they will work to find ways around them, and potentially expose the network.

Instead, balancing security and productivity starts by considering identity as the new perimeter. Understanding the identity of the person, device, or application making a request is a critical first step. Wherever possible, we should strengthen our understanding of identity by using other data points, such as multifactor authentication, location, and user behavior.

Once the identity is understood, it can be used for access control decisions both inside and outside the network. This is the “always verify” portion of the Zero Trust strategy. By default, no access should be granted. Requests will only be fulfilled after positive identity verification. This way even if your internal network has been breached, only trusted identities can access sensitive data.

The Zero Trust approach allows leading companies to prioritize their security efforts. Starting with their most sensitive information and systems, they can build in additional layers of access control and protection based on identity. They can take a risk-based priority approach to extend these controls and protections to additional systems based on the availability of their applications, security, and infrastructure teams.

Security must be a business enabler, rather than be seen as something that introduces friction to the employee experience. Leading companies are balancing security and productivity by ensuring their applications work in a Zero Trust model with identity as the perimeter.

If this topic is of interest to you, we would love to hear from you. We are helping businesses with all things digital, including cyber security and are always seeking great talent.

Privacy Overview
10Pearls

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly necessary cookies

Strictly necessary cookies should be enabled at all times so that we can save your preferences for cookie settings.

Third-party cookies

This website uses third party tools such as Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.